LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How strictly do your users obey your security policies?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Security Week: December 1st, 2008
Linux Advisory Watch: November 28th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Subject: [Security Announce] [ MDVSA-2008:177 ] xine-lib Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title (CVE-2008-1878). The updated packages have been patched to correct this issue. 
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:177
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xine-lib
 Date    : August 20, 2008
 Affected: 2008.1
 _______________________________________________________________________

 Problem Description:

 Guido Landi found A stack-based buffer overflow in xine-lib
 that could allow a remote attacker to cause a denial of service
 (crash) and potentially execute arbitrary code via a long NSF title
 (CVE-2008-1878).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 10db71c6a43508d36ba8d93f290f72d6  2008.1/i586/libxine1-1.1.11.1-4.2mdv2008.1.i586.rpm
 106e82cbd1e2ed40f533fe6d28f2ccfb  2008.1/i586/libxine-devel-1.1.11.1-4.2mdv2008.1.i586.rpm
 80f94cbfc8be99ea04de884066a5b95e  2008.1/i586/xine-aa-1.1.11.1-4.2mdv2008.1.i586.rpm
 9d42258f0e3ae0128d054ae53805cbd8  2008.1/i586/xine-caca-1.1.11.1-4.2mdv2008.1.i586.rpm
 31d7177e7ae1b81e89fc28811ba4567e  2008.1/i586/xine-dxr3-1.1.11.1-4.2mdv2008.1.i586.rpm
 b0a98953adc702b1921135412ad603cd  2008.1/i586/xine-esd-1.1.11.1-4.2mdv2008.1.i586.rpm
 086ee1475478bd3e64a3dc4b9f677dcd  2008.1/i586/xine-flac-1.1.11.1-4.2mdv2008.1.i586.rpm
 43e7881b465be3ed1df25247af758692  2008.1/i586/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.i586.rpm
 e07999dc5149e38ed39a778e46298523  2008.1/i586/xine-image-1.1.11.1-4.2mdv2008.1.i586.rpm
 fdc64b384993234582716d49beadd3e0  2008.1/i586/xine-jack-1.1.11.1-4.2mdv2008.1.i586.rpm
 6ec501e08df57145bcf1eeb4730f43dd  2008.1/i586/xine-plugins-1.1.11.1-4.2mdv2008.1.i586.rpm
 6d0a6630688d65cad364fb4b60449867  2008.1/i586/xine-pulse-1.1.11.1-4.2mdv2008.1.i586.rpm
 cb42e25b94a5c6bbf640878cedef4ab1  2008.1/i586/xine-sdl-1.1.11.1-4.2mdv2008.1.i586.rpm
 61dc627d3b187ba4cf0281b956b7fa56  2008.1/i586/xine-smb-1.1.11.1-4.2mdv2008.1.i586.rpm
 b032fa9c5083bcc6130b550983efb024  2008.1/i586/xine-wavpack-1.1.11.1-4.2mdv2008.1.i586.rpm 
 b8c89ebf6906c01d471205934bcdcfd3  2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 a9ff3e2ff6df1a32a53f5c18d4f0385a  2008.1/x86_64/lib64xine1-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 87c32e02d5cd1fb408e934a2dc3007ba  2008.1/x86_64/lib64xine-devel-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 59375c9ce1868bb410b03851d6798718  2008.1/x86_64/xine-aa-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 f45bcfce4d66d8a2b683371dd7030e37  2008.1/x86_64/xine-caca-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 4775483c71308e162ef87b99ac303d90  2008.1/x86_64/xine-dxr3-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 bdb716d2e1bd7477a78cba9725b93b90  2008.1/x86_64/xine-esd-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 5bfe733f4a30232c91c573238fc3beb2  2008.1/x86_64/xine-flac-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 7ac3d2c4b723f5e72727d8719d50b35c  2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 401c5dbc008597aa06774b3eeb02e57d  2008.1/x86_64/xine-image-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 2957efe6941036a9f97621068587614f  2008.1/x86_64/xine-jack-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 acdba1ff341e79ce14b31aeecfb5d573  2008.1/x86_64/xine-plugins-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 0b5a46d078f22d304e413e7772992903  2008.1/x86_64/xine-pulse-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 312ef813d09a5dfd7456e9a3a500fc06  2008.1/x86_64/xine-sdl-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 ad61d3fd3e66e92f18464e5622cba4c3  2008.1/x86_64/xine-smb-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 74380a1f6f47ae4ba8f88031b39304a5  2008.1/x86_64/xine-wavpack-1.1.11.1-4.2mdv2008.1.x86_64.rpm 
 b8c89ebf6906c01d471205934bcdcfd3  2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
 
< Prev   Next >
    
Partner:

 
Latest Features
A Secure Nagios Server
Never Installed a Firewall on Ubuntu? Try Firestarter
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Yesterday's Edition
Linux Role in Botnets Studied
10 Mistakes New Linux Administrators Make

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.